Home » Identity & Access » Access Control

What Banks Tell Customers About Their Online Security

Six months after the FFIEC's rules for strong authentication took effect, we test what the country's three biggest banks tell their customers about online security. It's not very encouraging.

Next, she launched into a very plain-English description of SiteKey, Bank of America's system of allowing customers to verify that they are at the valid website by selecting a picture that will come up each time they log on. "If you don't see the picture, don't enter your password," she told me. She also explained that when I signed up for the first time, I'd have to answer three extra security questions. If I (or anyone else) ever tried to access my account from a different computer, I would first be asked a security question. If I answered correctly, I'd see my security picture and then be asked for my user name and password. If I answered it incorrectly a certain number of times, I would be locked out and have to go through extra verification at the call center to have the account unlocked.

Overall, I was impressed at how comfortable she was talking about security. It seemed to be part of the training she had gone through, and she also made several references to how she used the service herself. Call it a subtle kind of marketing if you will, but I actually liked to hear her admit, "A lot of times people say they have a hard time getting into our site as opposed to other sites, and that's because it's a very secure site."

pagebreak >

The Verdict

Here's the recap:

Citibank: Call-center rep did not seem to understand my questions and tried to refer me to the website for answers.

Chase: Call-center rep didn't offer clear explanations but kept trying to get me to sign up anyway.

Bank of America: Call-center rep understood my questions, explained customer-facing security mechanisms and offered advice about how I could protect myself.

After the calls, I rang Larry Freed, president of the research group ForeSee Results, to see what he thought. Freed is a former banking CTO who does a regular survey on banking customer satisfaction in conjunction with Forbes.com. He has told me in the past that customers who have not signed up for online banking often cite security as a factor.

Online banking is a huge area of growth for banksif they can get it right. According to Freed's latest survey, customers who are not doing online banking report an overall satisfaction level of 70 on a scale of 0 to 100. For those who do online banking and bill pay, the satisfaction level jumps to 79. What's more, those who are doing online banking and bill pay are much more likely to purchase additional services from the bank59 percent likely, rather than 36 percent.